WEP (and WPA) encrypt the signal (except the maintenance traffic). Anything captured "off the air" will be unreadable (crackable from a captured file, but not readable in real-time).
MAC filtering will prevent non-spoofed traffic from entering your wireless network, but all transmissions can be caught and read in (near) real-time ... and/or can be saved to a file and browsed later.
Since the MAC of the client is in clear-text, capturing some transmissions and stealing the MAC for spoofing is fairly easy.
WPA changes the key periodically, hopefully faster than it takes to break the current key (by the time the key is cracked, the active key has changed). So it's possible (though unlikely for the common twit) that the traffic can be captured and later decrypted ... each chunk would have to be decrypted with the key that was active at the time.
Another step towards securing your wireless would be to turn off "Broadcast SSID." Without a broadcast SSID, the twits will have to guess (or capture the whole spectrum and guess) what your "circuit ID" is. Since you know what it is, and it won't be broadcast, you'll have to manually enter the SSID for each client. It doesn't make it unbreakable, but it does increase the difficulty somewhat ... another layer of (minor) pain. The idea is that the twits will move on to a softer target (and Lawd knows, there's more than a few of those).
FWIW
Scott